Wednesday, March 07, 2007

what is a man-in-the-middle attack?

a man-in-the-middle attack is a type of attack where the attacker tricks both sides of a 2-way interaction into believing s/he is the other entity in the transaction...

for example, in a man-in-the-middle attack you might think you're talking to your friend bob when in fact you're talking to mallory, who then passes on what you say to bob... bob in turn thinks he's talking to you but in fact is also talking to mallory, who then passes on what bob says to you... mallory gets to see both sides of the conversation and even has the opportunity to subtly change it for some nefarious purpose, perhaps to make bob mad at you or something...

there are all kinds of contexts where man-in-the-middle attacks can be useful to an attacker - in simple terms they allow an attacker to gather data sent over what was believed to be a secure channel, whether that data is login credentials for a bank or encrypted web traffic sent to a secure site, and possibly even inject their own messages (such as a financial transaction) into the communications... the channel may even be secure in and of itself, but the problem is that the party at the other end isn't who they claim to be... securing the channel over which communication occurs doesn't secure the communication unless you also authenticate the parties at both ends of the channel (make sure they are who they say they are)...
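to make that last point concrete, here is an added example (not part of the original post) that simulates a key exchange between you and bob entirely in one process: without authentication both ends get a perfectly good encrypted channel, just with mallory instead of each other, and with authentication the substitution is detected... the toy diffie-hellman parameters, the function names and the pre-shared `auth_key` (standing in for whatever authentication the real parties would use) are all assumptions made for the illustration...

```python
import hashlib, hmac, secrets

# toy diffie-hellman parameters, constructed for illustration only (not for real use)
P = 2**127 - 1  # a mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # both ends derive the channel key from their own secret and the peer's public value
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def tag(auth_key, pub):
    # authentication stand-in: a MAC over the public value under a key only you and bob hold
    return hmac.new(auth_key, str(pub).encode(), hashlib.sha256).digest()

def exchange(mallory_present, auth_key=None):
    you_priv, you_pub = keypair()
    bob_priv, bob_pub = keypair()
    to_bob = (you_pub, tag(auth_key, you_pub) if auth_key else None)
    to_you = (bob_pub, tag(auth_key, bob_pub) if auth_key else None)
    mal_priv = None
    if mallory_present:
        # mallory substitutes her own public value in both directions; without
        # auth_key she cannot compute a matching tag, so the original tag rides along
        mal_priv, mal_pub = keypair()
        to_bob, to_you = (mal_pub, to_bob[1]), (mal_pub, to_you[1])
    if auth_key:
        for pub, t in (to_bob, to_you):
            if not hmac.compare_digest(t, tag(auth_key, pub)):
                return {"established": False, "end_to_end": False, "mallory_reads": False}
    you_key = session_key(you_priv, to_you[0])
    bob_key = session_key(bob_priv, to_bob[0])
    # mallory reads everything if she shares one key with you and another with bob
    mallory_reads = mal_priv is not None and (
        session_key(mal_priv, you_pub) == you_key
        and session_key(mal_priv, bob_pub) == bob_key)
    return {"established": True, "end_to_end": you_key == bob_key,
            "mallory_reads": mallory_reads}

if __name__ == "__main__":
    print("no auth, no mallory:", exchange(False))
    print("no auth, mallory:   ", exchange(True))
    print("auth, mallory:      ", exchange(True, auth_key=secrets.token_bytes(32)))
```

in the unauthenticated run with mallory present, both ends still report an established channel, which is exactly why encryption alone gives no warning...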